Ernst & Young - Baltimore, MD

posted 3 months ago

Full-time - Mid Level
Baltimore, MD
Professional, Scientific, and Technical Services

About the position

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. As an information security specialist, you will lead the implementation of security solutions for our clients and support them in their desire to protect their business. You will belong to an internationally connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime. Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team works together in planning, pursuing, delivering, and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients. We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. The exceptional EY experience lasts a lifetime, regardless of when you join or how long you stay.

Responsibilities

  • Plan and execute penetration testing projects such as internet, intranet, wireless, web application, cloud, social engineering, and physical penetration testing.
  • Develop and execute red team scenarios to highlight gaps impacting organizations' security postures.
  • Lead and mentor a team of penetration testers by providing guidance, technical leadership, and support to foster their professional growth.
  • Stay current with emerging security threats, vulnerabilities, exploitation techniques, and industry best practices.
  • Perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, associated risks, and actionable recommendations.
  • Manage and execute penetration testing projects using established methodology and tools while adhering to agreed-upon rules of engagement.
  • Effectively communicate complex technical security concepts to a variety of audiences, including both technical stakeholders and non-technical executives.

Requirements

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering, or a related major with a minimum of 6+ years of related work experience, or a Master's degree and approximately 3-4+ years of related work experience in penetration testing.
  • Experience in managing and executing penetration testing projects.
  • Experience with manual attack and penetration testing.
  • Experience in establishing and managing Red Team or application penetration testing programs.
  • Experience with scripting/programming (e.g., Python, PowerShell, Java, Perl).
  • Up to date and familiar with the latest exploits and security trends.
  • Experience leading a technical team in conducting remote and on-site penetration testing within defined rules of engagement.
  • Proficient in overseeing multiple attack and penetration testing projects simultaneously while effectively navigating strict deadlines.

Nice-to-haves

  • Knowledge of Windows, Linux, Unix, and other major operating systems.
  • Familiarity with the latest exploits, tactics, techniques, and procedures (TTP), vulnerability remediation, and security trends in Cloud implementations.
  • Deep understanding of the MITRE ATT&CK framework.
  • Engage with the security community through research, CVE disclosures, bug bounty recognition, open-source contributions, blogging, publishing, and other related activities, including presenting research at prominent cybersecurity conferences.
  • Deep understanding of TCP/IP network protocols.
  • Deep understanding and experience with various Active Directory attack techniques.
  • Understanding of network security and popular attack vectors.
  • An understanding of web-based application vulnerabilities (OWASP Top 10).

Benefits

  • Comprehensive compensation and benefits package based on performance.
  • Medical and dental coverage.
  • Pension and 401(k) plans.
  • Wide range of paid time off options including flexible vacation policy, designated EY Paid Holidays, Winter/Summer breaks, and Personal/Family Care.